1.8.4 and all prior versions
1.8.5-p230 and all prior versions
1.8.6-p229 and all prior versions
1.8.7-p21 and all prior versions
1.9.0-1 and all prior versions

Upgrading to either 1.8.5-p231, 1.8.6-p230, 1.8.7-p22 or 1.9.0-2 is recommended.
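As an added example (not code from the original article or from the Ruby project), the version list above can be turned into a check over a host inventory. The function names and the sample inventory are assumptions, and branches the list does not mention are reported as not listed rather than as safe.

```ruby
# Highest affected level per branch, copied from the list above.
LAST_AFFECTED = { "1.8.5" => 230, "1.8.6" => 229, "1.8.7" => 21, "1.9.0" => 1 }.freeze

# Accepts "1.8.6-p229", "1.8.6p229", "1.9.0-1" or a bare "1.8.4".
# A missing level is treated as 0, i.e. the first release on that branch.
def parse_ruby_version(str)
  m = /\A(\d+\.\d+\.\d+)(?:(?:-p?|p)(\d+))?\z/.match(str.strip)
  raise ArgumentError, "unrecognised version: #{str.inspect}" unless m
  [m[1], m[2].to_i]
end

# Returns :affected, :fixed, or :not_listed (branch absent from the list).
def advisory_status(str)
  branch, level = parse_ruby_version(str)
  # "1.8.4 and all prior versions"
  return :affected if (branch.split(".").map(&:to_i) <=> [1, 8, 4]) <= 0
  last = LAST_AFFECTED[branch]
  return :not_listed if last.nil?
  level <= last ? :affected : :fixed
end

# Hosts whose reported interpreter version falls in an affected range.
def affected_hosts(inventory)
  inventory.select { |_host, v| advisory_status(v) == :affected }.keys.sort
end

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
  "web01"   => "1.8.6-p229",
  "web02"   => "1.8.6-p230",
  "build01" => "1.8.4",
  "mac01"   => "1.8.6p111",
  "dev01"   => "1.9.0-2",
  "lab01"   => "1.9.1-p0",
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_INVENTORY.each { |host, v| puts "#{host}\t#{v}\t#{advisory_status(v)}" }
end
```

Feed it the output of `ruby -v` (version and patchlevel fields) collected from each host; anything reported as `:not_listed` needs checking against the vendor's own notice.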

This is, of course, of particular interest to Apple, as its Mac OS X Leopard comes complete with the Ruby on Rails web development framework.

For an in-depth examination of the vulnerabilities, head over to the Matasano Chargen blog, where security guru Eric Monti has been dissecting the detail.

Monti says "These vulnerabilities are likely to crop up in just about any average ruby web application. And by “crop up” I mean “crop up exploitable from trivial user-specified parameters”. Unlike un-handled ruby exceptions getting raised, these bugs aren’t the fault of the programmer as much as the fault of the interpreter. Part of the unwritten “contract” with your interpreted language is that it will prevent you from letting ridiculous things happen by raising an exception."

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...